diff --git a/config/cfgroot/loxilb-FWconfig.txt b/config/cfgroot/loxilb-FWconfig.txt
new file mode 100644
index 000000000..5aced859f
--- /dev/null
+++ b/config/cfgroot/loxilb-FWconfig.txt
@@ -0,0 +1 @@
+{"fwAttr":[{"opts":{"counter":"0:0","doSnat":true,"toIP":"REDIP"},"ruleArguments":{"destinationIP":"0.0.0.0/0","portName":"green0","sourceIP":"0.0.0.0/0"}}]}
diff --git a/lfs/configroot b/lfs/configroot
index b939c5df2..b52eee538 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -104,6 +104,7 @@ $(TARGET) :
 cp $(DIR_SRC)/config/cfgroot/udp_ports $(CONFIG_ROOT)/ddos/udp_ports
 cp $(DIR_SRC)/config/cfgroot/dns-ddos-settings $(CONFIG_ROOT)/ddos/dns-ddos-settings
 cp $(DIR_SRC)/config/cfgroot/loxilb-settings $(CONFIG_ROOT)/loxilb/settings
+ cp $(DIR_SRC)/config/cfgroot/loxilb-FWconfig.txt $(CONFIG_ROOT)/loxilb/FWconfig.txt
 cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
 cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
 cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans
diff --git a/src/initscripts/system/loxilb b/src/initscripts/system/loxilb
index 0f49ac837..bae57d9ae 100755
--- a/src/initscripts/system/loxilb
+++ b/src/initscripts/system/loxilb
@@ -37,13 +37,19 @@ case "$1" in
 mkdir -p /opt/loxilb/dp/
 mount -t bpf bpf /opt/loxilb/dp/
- loadproc -b loxilb --blacklist="eth[0-9]"
+ #enable egress firewall SNAT for green network
+ redip=$(< /var/ipfire/red/local-ipaddress)
+ sed -i "s/\"REDIP\"/\"$redip\"/" /var/ipfire/loxilb/FWconfig.txt
+
+ loadproc -b loxilb --config-path="/var/ipfire/loxilb/" --blacklist="eth[0-9]"
 fi
 ;;
 stop)
 boot_mesg "Stopping loxilb..."
 if [ "$ENABLE_LOXILB" == "off" ]; then
+ #remove egress firewall SNAT for green network
+ loxicmd delete firewall --firewallRule="portName:green0"
 killproc loxilb
 fi
 ;;
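Review bot: The shipped rule applies SNAT to every packet arriving on `green0`, because both `sourceIP` and `destinationIP` are `0.0.0.0/0`; that covers packets whose source address is outside the green subnet and, presumably, traffic addressed to the firewall itself or to other internal zones. Narrowing `sourceIP` to the green network, filled in at start the same way `REDIP` is, would limit the translation to the hosts it is meant for. `"toIP":"REDIP"` is a placeholder that only becomes valid once the init script has rewritten it; since strict JSON cannot carry a comment, that dependency is worth stating in the commit message or beside the `cp` line in `lfs/configroot`.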
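Review bot: The `sed -i` substitution in the start branch is one-shot and unvalidated: once `"REDIP"` has been replaced, a later change of the RED address is never written to `/var/ipfire/loxilb/FWconfig.txt`, and if `/var/ipfire/red/local-ipaddress` is missing or empty at start the rule is rewritten with an empty `toIP`. The value is also interpolated into the sed expression as-is, so it should be checked to be a dotted-quad address before use. The sketch below validates `redip` and rewrites whatever `toIP` currently holds, and it assumes bash, which the existing `$(< …)` already requires. Whether loxilb should still be started when no valid address is available is a decision the sketch leaves open. The surrounding `case` and `if` start outside the hunk.

```shell
		# … unchanged: mkdir/mount of /opt/loxilb/dp/ …
		#enable egress firewall SNAT for green network
		redip=$(< /var/ipfire/red/local-ipaddress)
		if [[ "$redip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
			# rewrite toIP whatever it currently holds, so a changed RED address is picked up
			sed -i "s/\"toIP\":\"[^\"]*\"/\"toIP\":\"$redip\"/" /var/ipfire/loxilb/FWconfig.txt
		else
			boot_mesg "loxilb: no valid RED address, SNAT rule not updated"
		fi
		# … unchanged: loadproc -b loxilb --config-path=… …
```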